ServiceNow has agreed to buy cybersecurity firm Armis for $7.75 billion in cash, a deal that would push the enterprise software company deeper into a fast-growing corner of security focused on tracking and reducing “exposure” across sprawling networks of connected devices.
The companies said Tuesday that combining ServiceNow’s workflow and risk products with Armis’ asset discovery and cyber-physical security tools would create an end-to-end system intended to detect vulnerable devices, prioritize risks and route remediation through automated operational processes. That vision reflects a broader shift in cybersecurity: visibility and response are increasingly being treated as continuous, integrated business functions rather than standalone technical tools.
“ServiceNow is building the security platform of tomorrow,” said Amit Zavery, president, chief operating officer, and chief product officer at ServiceNow. “In the agentic AI era, intelligent trust and governance that span any cloud, any asset, any AI system, and any device are non-negotiable if companies want to scale AI for the long-term. Together with Armis, we will deliver an industry-defining strategic cybersecurity shield for real-time, end-to-end proactive protection across all technology estates. Modern cyber risk doesn’t stay neatly confined to a single silo, and with security built into the ServiceNow AI Platform, neither will we.”
Armis specializes in mapping and classifying devices across information technology systems and operational technology, including industrial controls and medical devices. Those environments, often essential to manufacturing, hospitals and critical infrastructure, have become prominent concerns as more equipment is connected to networks but remains difficult to inventory with traditional security software. Armis says it performs “agentless” discovery, meaning it can identify devices without installing software on each endpoint, a key consideration for older or regulated systems.
“AI is transforming the threat landscape faster than most organizations can adapt. Every connected asset has become a potential point of vulnerability,” said Yevgeny Dibrov, co-founder and CEO of Armis. “We built Armis to protect the most critical environments and give both public and private sector organizations the real-time intelligence they need to stay ahead – so they can see their entire environment clearly, understand risk in context, and take action before an incident occurs. Together with ServiceNow, customers will have a powerful new way to reduce their exposure and strengthen security at scale.”
ServiceNow, best known for IT service management and enterprise workflow products, has been building a security and risk business that it said crossed $1 billion in annual contract value in the third quarter of 2025. The company described the Armis deal as a way to “more than triple” its market opportunity in security and risk. While such projections are inherently forward-looking, the figure underscores how cybersecurity has become a major battleground for large platform vendors seeking to consolidate multiple functions into a single suite.
The announcement also highlights the industry’s preoccupation with artificial intelligence, both as a tool for defenders and a driver of new risks. ServiceNow framed the acquisition around “AI-native” and “agentic” capabilities, language that has become common as vendors race to incorporate autonomous features into security operations. The premise is that, as networks expand and threats move faster, human analysts cannot manually triage every alert or vulnerability, making automation and prioritization central selling points.
In the second half of 2025 alone:
- Palo Alto Networks announced it will acquire Chronosphere, a cloud observability platform, for $3.35 billion in cash and equity.
- Cloud security company Zscaler announced it has acquired SplxAI, an artificial intelligence security platform.
- Veeam acquired Securiti AI for $1.7 billion.
- Check Point acquired AI security firm Lakera.
- Mitsubishi Electric acquired OT and IoT cybersecurity specialist Nozomi Networks for $1 billion.
The companies cited a forecast that worldwide end-user spending on information security will rise 12.5% in 2026 to $240 billion, attributing growth to evolving threats and the expanding use of AI and generative AI. Whether those drivers translate into better security outcomes remains debated, but the spending trajectory signals continued pressure on organizations to manage risk across more endpoints, more software and more interconnected supply chains.
If completed, the deal would also strengthen ServiceNow’s position in so-called cyber-physical security, an area that blurs the line between digital compromise and real-world disruption. The integration described by the companies links Armis’ real-time device intelligence to ServiceNow’s configuration management database, which ties technical assets to business services and responsible teams. That connection, they argue, would make remediation more actionable by directing fixes to the people who can implement them.
Armis, founded in 2015, reported more than $340 million in annual recurring revenue and said it employs about 950 people. The company counts Global 2000 customers, including more than 35% of the Fortune 100, and said it serves government agencies and public-sector organizations.